Cutout.Pro, an AI-powered visual design platform, leaked 20M records, including email and IP addresses, names and salted MD5 password hashes, which have then been broadly distributed.

https://lemm.ee/post/25232754


Haha, brand new company with MD5 password hashes. Maybe they oughta consult about securities with their/other AIs more often. Hopefully, nobody did anything naughty on the site.

Other links on the story:

* https://cybernews.com/security/ai-editing-service-leaks-images-customer-data/
* https://www.hackread.com/ai-image-editing-tool-cutout-data-leak/

It’s a good thing not just everybody can afford a Raspberry Pi Zero that would be necessary to crack an MD5 in seconds.

That really depends on the password complexity. Sure, you can crack a password of 6-8 characters in under 30 minutes, but anything more complex than that will take days and longer.

My default password is 22 characters long and includes a unique identifier for each service plus a checksum. Say as an example (similar enough to my actual use case) for Adobe I’ll have “Ae” (first and last letter of the service) and “41” in a specific position (A = 41 in Hex).

That way even if I repeat the other 18 characters (including symbols, upper and lower case characters) it will take years to crack my password, and the hash is unique for each service/website, so there won’t be any collateral damage either, even if some service I used got breached and my password somehow fully exposed.

I guess then “hunter2” users are in trouble.
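On the storage side of what the thread discusses, here is an added example (not part of the thread and not Cutout.Pro's code) of verifying a legacy salted-MD5 record and replacing it with a PBKDF2-HMAC-SHA256 record on the next successful login. The record layout `scheme$...`, the `md5(salt || password)` construction, the function names and the iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your login latency budget

def legacy_record(password: str, salt: bytes) -> str:
    # Assumed legacy layout md5(salt || password); the reports do not give the real one.
    digest = hashlib.md5(salt + password.encode()).hexdigest()
    return f"md5${salt.hex()}${digest}"

def pbkdf2_record(password: str, salt: bytes = b"",
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    # A fresh random salt is generated unless one is supplied for verification.
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2-sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_and_upgrade(password: str, stored: str):
    """Return (ok, record_to_store); a legacy MD5 record is replaced on a successful login."""
    parts = stored.split("$")
    if parts[0] == "md5" and len(parts) == 3:
        salt = bytes.fromhex(parts[1])
        ok = hmac.compare_digest(legacy_record(password, salt), stored)
        # Only re-hash when the password was correct; otherwise keep the old record.
        return ok, (pbkdf2_record(password) if ok else stored)
    if parts[0] == "pbkdf2-sha256" and len(parts) == 4:
        candidate = pbkdf2_record(password, bytes.fromhex(parts[2]), int(parts[1]))
        return hmac.compare_digest(candidate, stored), stored
    return False, stored  # unknown scheme: fail closed

if __name__ == "__main__":
    # Constructed sample: fixed salt and the thread's "hunter2" as the password.
    old = legacy_record("hunter2", bytes.fromhex("00112233445566778899aabbccddeeff"))
    ok, new = verify_and_upgrade("hunter2", old)
    print(ok, old, "->", new.split("$")[0])
```

Accounts that never log in again keep their MD5 record until it is re-hashed some other way or the password is reset.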